Opened 6 years ago

Last modified 6 years ago

#5803 enhancement new

Allow fallback from CRAM-MD5 in t.m.smtp

Reported by: philmayers Owned by:
Priority: normal Milestone:
Component: mail Keywords: smtp authentication md5
Cc: Branch:


As documented in this Thunderbird ticket:

...some SMTP servers present CRAM-MD5 in the EHLO banner, but cannot successfully complete a CRAM-MD5 authentication for some/all users (perhaps because the relevant secrets are absent server-side).

Twisted will currently fail with these servers; it always tries CRAM-MD5 first, and does not fall back. See:

There are obviously security considerations here - it might be a man-in-the-middle attack.

More generally, there is no way to influence the set and behaviour of auth methods used by the Twisted SMTP code; the ESMTPSender class uses a private method, _registerAuthenticators, to initialise the list from init

Change History (1)

comment:1 Changed 6 years ago by philmayers

Component: coremail
Keywords: smtp authentication md5 added
Note: See TracTickets for help on using tickets.